Control: Protocol Policies

Overview

To allow access control over specific Workspot resources (desktops, desktop pools, and RD pools), Control supports Protocol Policies, which duplicate the "Protocol Settings" in a Workspot Security Policy

Key Features:

  • Protocol policies enable and disable user I/O access between the Workspot Client and the Workspot desktop or app.

  • By "I/O access," we mean the ability to send data between the local device and the Workspot desktop/app via local printers, local disks, the clipboard, and so on. In addition, audio and Webcam redirection can be disabled.

  • These repeat the restrictions available under Security policies.

  • Protocol policies take precedence over Security policies. That is, if a Protocol policy is in place, the user's Security policy is ignored.

  • Differences between Protocol policies and Security policies:

    • Protocol policies are applied to specific pools or individual desktops. Security policies are applied to groups of users.

    • Protocol policies are optional (pools and desktops don't need to have a Protocol policy). Security policies are mandatory (every user in every group has a Security policy).

Best Practices

When you have desktops/apps that need different restrictions than would normally apply to their users, Protocol policies are ideal. That is:

  • When restrictions need to be based on the resource, not the user/group, use Protocol policies.

  • Otherwise, use Security policies.

  • If you rely on Protocol policies for a given pool, disable support for the Workspot Clients that don't support Protocol policies (currently Workspot Client for the Web and Workspot HTML5 Client).

Local vs. Remote Protocol Policies

Supported Clients (starting with Windows Client 4.1.0, with others to follow) allow different protocol policies to be assigned depending on whether the Client is on the company network. This would typically be used to allow in-house users to be less restricted than remote users.

This mechanism uses the Location Detector mechanism to distinguish between users on the company network and those outside it.

Using Protocol Policies

Protocol policies are listed on Control's "Policies" page with the rest of the policies. There is no default Protocol policy.

To create a Protocol policy:

1. In Control, click "Policies > Add a New Policy."

2. On the "Add a New Policy" page, assign a name to the policy and select "Protocol Policy" from the "Policy Type" Menu.

3. Fill in the "Protocol Settings" to suit your needs. These settings will be shown in the next section. You can change these settings later by editing the policy.

4. Select the pools and individual desktops you wish to use the policy initially. You can change these assignments later by editing the policy.

5. Click "Add Policy."

Protocol Settings

The protocol settings are shown below. These are the same as the settings described in Workspot Control - Security Policies.

Apply To Pools/Desktops

The "Apply To" section lets you select desktops and pools to apply the policy to. Use the search box to find the desired resources and select them from the list of results.

You can also apply a Protocol policy to a desktop pool through the "Resources > poolname > Actions menu > Edit":

Viewing Pool Assignments

The Protocol policy, if any, is listed on each desktop pool's "Resources > VDI Pools > poolname" page. For RD pools, the page is "Resources > RD Pools > poolname."

Viewing Desktop Assignments

For persistent pools only, you can assign Protocol policies to individual VMs. To see these assignments, go to the "Resources > VDI Pools > poolname" page and click the "Details" tab. The "Protocol Policy" column shows the Protocol policy for the VM, if any: